This simple policy then goes on to silence most individual publisher(/self-media) and consolidated the industry into the hands of the few, with no opportunity left for smaller entrepreneurs. This is arguably much worse than allowing children to watch porn online, because this will for sure effect people's whole life in a negative way.
Also, if EU really wants "VPN services to be restricted to adults only", they should just fine the children who uses it, or their parent for allowing it to happen. The same way you fine drivers for traffic violation, but not the road.
And if EU still think that's not enough, maybe they should just cut the cable, like what North Korea did.
1. First, year ~2015 legal framework was created under disguise of banning pirated media(specifically torrents.ru)(legislative push). State-wide DNS ban introduced. Very easy to circumvent via quering 8.8.8.8
2. Then, having legal basis, govt included extra stuff in banned list(casinos, terrorist orgs, etc)(executive push). IP bans introduced, applied very carefully.
3. Legal expanded allowing govt to ban specific media on very vague criterias(legislative push). IP blocks tried on some large websites. DPI hardware mandated to be installed by ISPs to filter by HTTPS SNI(executive push).
4. At ~2019 Roskomnadzor(RKN) created, special govt entity which enforces bans without court orders(legislative push).
5. ~2021 sites become banned if they are not filtering content by Russian laws by request of RKN(executive push). VPN services were obligated to also DPI-filter traffic(legislative push).
6. ~2023 Crackdown on VPN started(executive push). Popular commercial services were IP-banned, OpenVPN and IPSec connections selectively degraded by DPI.
7. ~2025 Heavy VPN filtering(vless, wireguard, etc) introduced(executive push). Performance of certain sites were degraded(youtube, twitter, etc).
BTW I live in Turkiye where the government banned ALL the adult websites around 2008. Even as an adult you can't access them. This year they are banning VPNs, introduce age controls and ID verification COORDINATED with the rest of the world. Also banning some games, control social media, and basically make it legal to control and track everyone on the internet. What a coincidence that similar attempts are simultaneous in many independent countries.
And no, children have not been really protected in Turkiye since 2008.
Others look at this recipe and can't help but notice its effectiveness. Eventually nobody is beneath pulling this kind of logic, even if they were the ones crucifying it just a few short years ago. The weaker the leader, the more likely that that they forget where they wrote down those principles of theirs and resort to this crap.
Indeed I do not remember this, nor can I find corroborating evidence that there was much of an effort to justify the requirement to the public at all. As far as I can tell, the government simply decided that they needed more control over the internet, so they made a law to give themselves more control over the internet. https://www.gov.cn/gongbao/content/2000/content_60531.htm It has no special provisions limited to children that only later got extended to adults. (Meanwhile, restrictions on how long children may play games continue to only apply to children, AFAIK.)
If they want to protect children, shouldn't they sterilize everyone?
Every child born, regardless of wealth will inevitably suffer injury, illness, and psychological setbacks. Therefore, the best way to protect them would be not allowing people to have children.
By the way, not having children is also more eco-friendly, because an infinite series simply converges.
I wonder if I’ll see this ridiculous scene in my lifetime.
This one isn't actually accurate. Younger people have longer time horizons (i.e. aren't expecting to be dead as soon) and are therefore more likely to support policies like electrifying transportation and generating power from lower CO2 sources, and policies get enacted when they have majority support, so causing the population to skew older by reducing the number of children is ecologically very bad.
These measures taken by the EU and other government entities has always been about surveillance, censorship, control, and eliminating freedom of speech and association. People need to keep calling out this continual deception and attempt to erode freedoms.
"Rules for thee but not for me."
And there you have it, the actual reason for this.
I'll make a similar comment I made on another thread: we saw a thread with many upvotes hating on the cyber-libertarians... We all know the EU institutions are ran by cyber-libertarians and that it's cyber-libertarians making such research and decisions right?
Pick your fight brothers. I don't think spending your time hating on the three John Galts of this world is a worthy fight. You may even turn out to be more morally aligned with the John Galt of this world than with the people running the EU institutions (and North Korea).
Eh - my new car has an EU mandated speed limiter in it that takes over the cruise control. It uses a combination of GPS and vision to determine what speed limit to apply. Only slammed the breaks on on the motorway to drop from 120 to 80 KM/h erroneously 4 times in one journey last week.
Much like the oft maligned Google PM that releases/deprecates another chat product to get their promotion, some commissioner somewhere in Brussels managed to make the world a better place with this too.
It has the ring of BS. Why would an authoritarian government in a country with no free press or free elections feel any need to justify a speech regulation with a fig leaf? They openly restrict speech.
I think you’re full of it.
People don't remember because it didn't happen and the license wasn't about protecting the children. But it's so convenient to just blantantly lie on the internet nowadays, isn't it?
Just like the title of this article blatantly lies about "EU" doing something.
> China had no such legislation until 1997. That year, China's sole legislative body – the National People's Congress (NPC) – passed CL97, a law that deals with cyber crimes, which it divided into two broad categories: crimes that target computer networks, and crimes carried out over computer networks. Behavior illegal under the latter category includes, among many things, the dissemination of pornographic material, and the usurping of "state secrets."
I would like you to make that argument.
Governments getting involved absolutely, unequivocally will be used to clamp down on the free exchange of ideas.
You're the one that needs to argue the presence of harm, given you're the one arguing we need to create a surveillance dragnet to shield certain age groups of humans from witnessing how their species procreates.
The default state is that humans procreate via sexual reproduction. You need to argue why we need to take action to hide this, especially given we let children witness other far more brutal activities from the human species like violence.
The EP paper appears to be highlighting the existence of a debate regarding VPN.
Relevant quote:
"Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place. The Children's Commissioner for England has called for VPNs to be restricted to adult use only.
While privacy advocates argue that imposing age-verification requirements on VPNs would pose significant risk to anonymity and date protection, child-safety campaigners claim that their widespread use by minors requires a regulatory response. Pornhub and other large pornography platforms have reportedly lost web traffic following the enforcement of age-verification rules in the UK, while VPN apps have reached the top of download rankings."
Of course I'm not saying the EU won't regulate VPNs, but nowhere in this paper is "the EU" stating that VPNs need closing.
no, they want to pretend this is the issue, so that pervasive monitoring or permission and/or deanonymization is normalized. It is to serve the state apparatus, rather than any actual protection.
Kids don't have money and hardly ever manage to do crime without getting caught so they're profoundly uninteresting to surveil in this way, but adults are and here the interests of the state and corporations converge so they'll make a push for tyranny.
But how to make people accept it? Tell them they want to expose kids to gruesome tentacle porn, or else they'd support this. Few adults are willing to admit they even look at porn, let alone argue that this is an important activity that needs to be protected, which it is.
Last two times they tried to push other censorship/tracking laws (claiming as always "we have to, EU is making us") there were mass protests in every city and town.
In my own town of 5k people there were several hundred (500 people at least, probably more). And the previous govt backed down.
This topic seems to be coming back everytime certain countries (Denmark etc) hold the rotating EU presidency. Our current PM is certainly in the same EU clique that wants to push this so much, but it's an extremely unpopular position and he is already leading a weak minority coalition govt. It wouldn't take much to topple him, so he will not do anything like that (unless he is convicted people are distracted with some crisis, but that is where normal people come in. To keep watching what is being smuggled in).
I wonder why do voters in those countries that propose these laws tend to allow this to happen again and again.
That, and the lack of real issues to solve.
Did you grow up with free streaming platforms? Pretty sure many adolescents were accessing porn before those, though it was slightly less accessible.
I personally don't have a definitive opinion about porn (I feel like young kids obviously shouldn't have access to it, but it shouldn't be illegal to adults, but I don't know where the limit should be), but I feel like making it harder for kids to access social media makes sense.
You are right at pointing out that the paper is overall presenting the subject in a balanced manner, unfortunately it seems a bad choice was made when it came to that specific sentence, that gives a venue for it to be fed in the outrage machine.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
For this "story" to gain legs, someone must have pulled that sentence out of content without mentioning the source and then added some misleading context for the outrage.
Bombing children is OK and we happily produce and deliver all the weapons needed for that.
Patterns of an ill society.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
Usually things like these are qualified like "the Department of Defense of the USA stated X".
> Of course I'm not saying the EU won't regulate VPNs
The word choice is quite revealing. You write "regulate VPNs". To me this is not "regulation" at all - it is restriction or factually forbidding it. It is newspeak language here if we dampen it via nicer-sounding words. It also distracts from the main question: why the sudden attack by EU lobbyists against VPNs?
Live sports, they’re already assaulting internet infrastructure in various EU member states (eg. La Liga forcing Spanish ISPs to block cloudflare IPs during matches). With this in mind it seems less a case of surveillance state and more a case of corporate state capture.
Mandatory age verification online is a blight imho. It should be outlawed.
Parents should learn how to be parents; the government shouldn't force companies to do parenting instead.
Social media companies (e.g. Meta, Snap) are the first that should provide that but they don't.
Regulate the poison first, not the access to it. All this age verification nonsense is an admission that some platforms knowingly harm their users. And instead of fixing the issue by cracking down on the proverbial crack, governments make everybody's life worse.
I remain hopeful that one day, humans will regard the online advertising companies with the same scorn we do the tobacco industry and may they be ashamed and disgusted at our inaction.
(Not to mention all the other consent age laws.)
That said, VPN is a national security issue, children are only a pretext.
https://taxsummaries.pwc.com/ireland/corporate/tax-credits-a...
In case anyone wonders: this means the FANG companies don't pay tax in Ireland if they hire enough people in Ireland, which has famously high income tax. It is, in other words, effectively a massive tax increase on the employees while actually reducing total tax income in the EU compared to the "double dutch sandwich".
Note that Ireland signed at least 2 international treaties that they weren't going to do this (OECD minimum tax treaty, EU tax treaty). Of course, there are no consequences to this.
The response to is that EU is exploring company-tax-per-transaction which is so incredibly bad in the massive administrative burden it will generate. It's not final, but it will mean that for every transaction done companies will have to keep (PER transaction) pieces (plural) of evidence for what country they happened in. Every single transaction.
https://joint-research-centre.ec.europa.eu/projects-and-acti...
When I was a kid, child programming and commercials were heavily scrutinized. Now any kid can access porn, violence, and scams on the internet. That's a blight. Not age verification.
Before Internet they used paper.
Maybe porn and violence is making today's teenager behave better than those 30 years ago after all!
There should be a standardized government ID service/API that allows a person to let it disclose their age (or other user selected information) to a requesting site/service. That's all that is needed if the government ID service has appropriate 2FA and security.
Both the request and the response can be appropriately anonymized so that the government doesn't know the site, and the site doesn't know the person's identity.
Why isn't this a thing yet? As far as I know, no one has proposed it.
In theory, every EU state will have to support this soon so users can use it to verify age privately online. Still work to do to roll this out for real, but the technological part is very much already happening and I think the rollout plan is committed.
[0] https://www.personalausweisportal.de/Webs/PA/EN/government/t..., https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/El...
My German isn't that great, but I can't find any sources that state that the German eID can use ZKPs directly. From what I can tell, it uses basic signatures, and the new/upcoming wallet app will take care of ZKP generation. But maybe I'm missing a source in German?
Yes that's how it's done in France for instance, and generally how it's being discussed in the EU.
Most European country already have one, some are still testing theirs. They're required by the EU to make one accessible to their citizens by the end of this year, in the context of the eID project [0].
[0] https://commission.europa.eu/topics/digital-economy-and-soci...
You're kidding right?
In Russia we have gosuslugi.ru (state services), which nowadays requires 2FA and hasn't been compromised in any major way so far.
Among other things they provide a way for a third party to use it as identification service and a user chooses which data about himself he wants to share. No anonymity, though, and I don't see how it can be implemented so that the verification provider doesn't know which service is requiring age verification.
It's just a pity they are destroying the internet while doing that. They should be attacking the companies making money from porn instead.
And by the way porn can damage your mind even after 18 so age verification is not a real solution anyway.
People who believe they are addicted to porn view porn at approximately the same rate as other people: they just feel more guilty about it, due to being raised to believe that it is shameful.
One source on the topic: https://www.psychologytoday.com/us/blog/talking-apes/202207/...
""" At the same time, regulators are beginning to address VPN use directly in legislation. Utah recently became the first US state to enact a law explicitly targeting VPN use in online age verification. The state’s SB 73 defines a user’s location based on physical presence rather than apparent IP address, even if VPNs or proxy services are used to mask it.
The EPRS suggests VPN providers may face increasing scrutiny as the EU revises cybersecurity and online safety legislation, noting that future updates to the EU Cybersecurity Act could introduce child-safety requirements aimed at preventing VPN misuse to bypass legal protections. """
Why is age verification connected with identity verification?
I understand why the former is not possible with the latter, but my question is -
Whichever entity is responsible for the verification can just pass on the age verification confirmation without passing through any of the other details, right?
Am I mistaken here? Because if this was possible, I could still go ahead with using the VPN.
> The report highlights emerging approaches, such as “double-blind” verification systems used in France, where websites receive only confirmation that a user meets age requirements without learning the user's identity, while the verification provider does not see which websites the user visits.
With the EU's current approach, disconnecting the two is the exact point. There is no third party, the government ID you already have can be used to verify your age directly with an online service.
At least most complaints I see here are assuming that age verification means tracking.
Too bad, there could be interesting discussions about privacy-preserving age verification, if people just bothered getting informed before complaining.
There's no issuing party to collude with to deanonymize users, no hard requirement on owning a Google- or Apple-vetted smartphone, and generally no way to identify me besides my choice of random numbers.
You move past that, and people rightfully tell you that your scheme outright breaks privacy, or that it makes too many assumptions or is too complex to easily verify it actually preserves privacy.
The EU digital wallet framework is built around those, and your suggested scenario is a first class citizen.
It is now moving from the academic/research world, to the political field, and feedback/pressure from both commercial groups and political agendas is muddling the field.
Here are some links to canonical docs, you can easily find high quality videos that explain this is shorter/simpler terms to get a grasp of it.
https://www.w3.org/TR/did-1.0/
https://www.w3.org/TR/vc-data-model-2.0/
A note: it’s one of the healthy byproducts of the blockchain age, don’t get sidetracked by some hyped videos from crypto bros.
For everything that's wrong in society the answer seems to be more and more regulations. The negative effects (such as the lack of European AI companies) are then waved away (it's because Europe spends their money on American AI instead of investing in EU AI).
It's honestly scary.
US, from its biggest companies to the whole of Silicon Valley culture has done the exact opposite.
Within the EU, multiple attempts at pushing changes in opposition to this have been proposed, debated, voted on (and rejected), as democracies do.
Not perfect, but when you come down to laws, EU bureaucrats gave EU citizens article 8, US gave them the CLOUD act.
If 51% of people want to do something wrong, they should do it to themselves and leave the other 49% alone. Democracy is not an excuse for doing the wrong thing and going "oh well, guess people want it".
GDPR does not protect you from governments snooping on you. The same way it does not stop governments from collecting data on you: https://en.wikipedia.org/wiki/Data_Retention_Directive
It sometimes even forces governments to collect more data on their own citizens like in Romania.
The only difference between the US and the EU is that the EU has somehow managed to convince a bunch of useful idiots (not saying that you are part of it) that it is better than the US when in reality its the same shit just with a different color and smell.
Please stop thinking about the kids on the internet. But here's a brief list of things you must work on with higher urgency:
- taxing more large corporations,
- taxing more ultra-rich people,
- funding EU-made (open source) tech and infrastructure,
- let parents spend more time with their kids so they can actually protect their offspring and keep them safe from predators, more than any stupid law you think you can devise can do,
- more trains.
[1] German men must ask the army for permission to leave country - https://www.dailymail.com/news/article-15706287/German-men-a...
please abolish yourselves. You are worse than cancer.
“Don’t look at this scary monster, look at my pet issue scary monster instead!”
Yep... and to make it worse, nobody is trying to push them towards looking at privacy-preserving age verification: instead technologists try to convince them that they just shouldn't regulate anything. Which... may not work so well.
Beyond that I fully believe there are intelligence agencies, advertising agencies, military interests, IP control interests etc that are all working very diligently and in more targeted ways to each achieve their goals better by pushing for specific measures and helping to amplify moral panics to build the necessary political capital.
Unfortunately, now that it comes to the news cycle, it’s easy to get outraged around misleading headlines.
I encourage you to invest time in researching what the EU has done in the past decade around digital identities and their framing around privacy questions on this. I hope you will find, as I do, that it moved the needle in t he right direction.
This is not a misleading headline, this is a document from the European Parliamentary Research Service that calls out VPNs as a technology that may need to be moderated in order to enforce restrictions such as age verification.
https://www.europarl.europa.eu/RegData/etudes/ATAG/2026/7826...
As you are calling me out - specifically answer how restricting access to VPNs would benefit the freedom of thought, communication, and information within Europe, and not be something that - together with other measures - can help facilitate digital fascism.
Obviously, it's not about the children. It was never about the children. If I had my way every one of these people would be taken to a gulag, because they are evil, have evil intentions, and blatantly lie to further their evil goals. I am tired of the intolerant being tolerated, and by allowing this to fester we are headed for a much worse totalitarian dystopia.
All of these ID laws are going to make it more dangerous for kids online IMO.
“Hi I’m a Roblox moderator. Your account was reported for X and you’ve been temp banned. Come to platform Y to appeal. Start by submitting all your personal info and a selfie.”
And it’ll be completely normalized by big tech. Seriously. WTF are they thinking?
That makes this fight so annoying, we have to fight age identification, while at the same time also promoting privacy-preserving age verification for the case it happens anyway.
That will only very rarely happen. Do you actually know people that will just give you their phone so you can watch porn? For more than one minute? People are so addicted to their phones.
> it's not about the children
It's also about the children, but there surely are parties which use the process to further their own goals.
> I am tired of the intolerant being tolerated
That's not the right quote for this case.
They don't ask for it, they take it when you're busy or sleeping. Teens certainly weren't asking for Dad's VHS tapes or magazines when I was a kid. I suppose this problem is solveable, too, though. Mandatory biometric locks on every device capable of accessing the internet, why not?
> That's not the right quote for this case.
It is. These people are fascists. Their goal is to create a society where the government has a permanent record of everything every person is doing, monitored 24/7 so nobody can defy it. The point about tolerating intolerance is that by abiding such people, you allow them to create an intolerant society, thus it is prudent even in a tolerant society to be intolerant specifically towards those whose goal is intolerance.
Reporting on the EU tends to be quite bad, because people often don't really understand what it is or how it works (in particular there's a tendency to conflate what the commission wants to do with EU policy), but this is unusually careless reporting.
It isn't just governments.
This is also quietly being backed by some big corporations with money .
> big corporations with money
Is there a notable difference between these two in most places? There _should_ be but in practice it feels like more and more places function closer to an oligarchy than whatever form of “democracy” they espouse to practice.
There is billions of research going into making children addicted through the window of their phone screen to watch apps, and now with AI this is getting even more dangerous.
It's not only children, also many elderly people are targeted. They are very lonely and then develop a Claude addiction.
The EU won't stop until it has access to all your data, all your messages, anything you read, save, send will be scrutinized by the the big great EU and it's little minions.
Hey, at least we get the freedom of movement right?
Most of the anti-privacy crap hasn't happened thanks to the EU. Particular countries and lobbying groups have been pushing this through the Commission and Council and most attempts have been rejected by the EP.
If we didn't have the EU, some countries would have long introduced this nonsense (like the UK). But in the EU that does not make much sense, since there is a single market, so you have to enforce it EU-wide.
The European Parliament + courts of justice/human rights are one of the last beacons of democracy/freedom worldwide that resist upcoming authoritarianism. We should support them and remind the Parliament over and over again that they should be continuing the good fight.
---
By the way, nearly all your comments on HN are about politics and all trying to sow dissent on Western (and especially European) democracies.
Not one policy maker has ever seemingly cared about this. But VPNs! That'll fix the budget and demographic crises of European nations, for sure.
I'm curious to see how the EU will maneuver it's new long-term financial plan when none of the members can even pay the membership fee soon.
> A loophole that needs closing
[Some argue] that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well.
https://www.europarl.europa.eu/thinktank/en/document/EPRS_AT...
Feels like its state vs man nowdays, worldwide. Don't let them mislead you.
Basically if you want to do any sort of remote work, I'm not saying you're necessarily using one right now, but the odds are good. Possibly the politician's own IT back-end might have ... opinions... on the ability of the executive to overly check the legislative too.
Now there is a time politicians control what websites we can access.
As VPNs usually cost some money, which is already a barrier for minors.
They need a referendum since it affects people's security and well being.
EU is a tyrrant.
I'm not as bearish on all this as most people here. I don't see much use for age restriction, except maybe keeping preteens off social media. That said, the proposed verification tech is very private, as far as I can tell. My review was cursory, though. Also, each EU member is free to use a different technical solution. Of course they're free to not make age verification obligatory at all. This programme is meant to be a strong default legislative and technical framework: it can't make EU members do something.
VPN for the VPN with a back-up VPN for the VPN's VPN.
People pointed that out quite a while ago already. Age sniffing is a joint attack on the freedoms of people, which explains why these lobbyists also try to abolish VPNs. Their vision for the world wide web is one of authorization. Ultimately they will fail, but a few get rich here in the process.
It reminds me the Mullvad pub campaign: https://mullvad.net/en/and-then/uk
How come being that corrupt pays off so well when you're a politician.
Also, the EPRS did not argue that they are a loophole that needs closing.
From the actual paper:
> Some argue that this is a loophole in the legislation that needs closing and call for age verification to be required for VPNs as well. In response, some VPN providers argue that they do not share information with third parties and state that their services are not intended for use by children in the first place.
The "some argue" is a link; it turns out that 'some' here is the Children's Commissioner for England, a post with, AIUI, only an advisory role in the UK, and obviously not even that in the EU.
The plan is to replace the 99% with machines. It doesn't matter to the 1% if you survive their glorious, great filter.
The great filter is billionaires. It's a billionaire control problem, not a superintelligence control problem. You're livestock. There's a better ox and cart that just pulled down the gravel road.
Then leave the rest of the world out of domestic failed parenting nonsense. However, policy would still likely fail given the cruelty youthful ignorance often brings, and persistent 1:100 child psychopath occurrence rates. =3
The EU was known to be a privacy rights nightmare for at least 10 years now.
You guys should know better, yet keep falling for the distraction every time. That’s exactly how they win.
Add better parental controls to devices, if Facebook sends my children porn on a phone that's "underage" than they get a big fat fine.
But I guess then there's no sending my ID to the world, think of the poor advertisers.
Legislation must call real experts before making any *technical* decisions.